Configuring Venafi TPP to use the Futurex Adaptable CA Driver
This section covers the following topics:
- Manage credentials
- Create a CA template
- Create a certificate policy
You must add the identity and TLS client certificate created for the Venafi Adaptable CA service as credentials in Venafi TPP.
To define user credentials, perform the following steps:
Log in to the Venafi TPP web UI.
Select Policy Tree in the main menu.
In the main policy tree, select Add > Credential > Username Credential.
In the Username Credential window, add the username and password created contained inside the credential.txt file extracted from the Venafi Adaptable endpoint zip.
Select [ Save ].
The TLS client PKCS #12 file (pki.p12) mutually authenticates with the , allowing only authorized operation and establishing an encrypted tunnel to prevent man-in-the-middle eavesdropping on traffic. To define TLS client certificate credentials in Venafi TPP, perform the following steps:
Log in to the Venafi TPP web UI.
Select Policy Tree in the main menu.
In the main policy tree, select Add > Credential > Certificate Credential.
In the Certificate Credential window, give the credential a name and choose the option to import a certificate and select the pki.p12 file you extracted from the Venafi Adaptable CA endpoint zip the generated for the service.
Specify the corresponding private key password contained within the pki-password.txt file that was also extracted from the Venafi Adaptable CA endpoint zip.
After successfully importing the certificate, select [ Save ] to complete the process.
To create CA templates in Venafi TPP, perform the following steps:
emplLog in to the Venafi TPP web UI.
Select Policy Tree in the main menu.
In the main policy tree, select Add > CA Template > Adaptable.
In the Add New Adaptable window, define the following General and Connection fields:
- CA Name: The desired CA name.
- Username Credential: The username credential you created.
- Certificate Credential: The certificate credential you created.
- Service Address: The IP address or hostname and the Host API port number contained inside the info.txt file.
- Profile String: The container name and name of the issuing CA certificate on the .
- PowerShell Script: CA
If custom X.509 extensions, validity periods, or approval groups are desired, define them in the Custom Fields section. Note that the FuturexCreateCustomFields.ps1 script must run successfully for these to be visible.
Select [ Validate ] to test the connection and authentication with the . This can take up to 5-15 seconds to complete.
Select [ Save ].
To create certificate policies, perform the following steps:
Log in to the Venafi TPP web UI.
Select Policy Tree in the main menu.
In the main policy tree, select Add > Policy.
In the Add New Policy window, define the policy name and any other desired settings, and select [ Save ].
Go to the Certificate tab for the new policy.
In the Other Information section, select the three dots next to the CA Template field and select the CA template you created.
Select [ Save ].